DNSSEC Analyzer - bogus.d2a1n1.rootcanary.net

Domain Name:

Time: 2023-10-02 22:05:54 UTC, NTP stratum 4

Analyzing DNSSEC problems for bogus.d2a1n1.rootcanary.net

DS=20326/SHA-256 is now in the chain-of-trust

	Checking DS between Trust Anchor and .
	`. IN DS ( 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d )`
	Query to m.root-servers.net for ./DNSKEY
	Received 1141 bytes from 202.12.27.33
	;; Response received from 202.12.27.33 (1141 octets) ;; HEADER SECTION ;; id = 15027 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 4 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; . IN DNSKEY ;; ANSWER SECTION (4 records) . 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326 . 172800 IN DNSKEY ( 256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpM PIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3A MSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84v gl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJY zPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c= ) ; Key ID = 46780 . 172800 IN DNSKEY ( 256 3 8 AwEAAcEtWatIO3exfN3A+WnZl7AVEBA3crRrrwKTfnmcdLt79C3DCOF1JX5zb4s84v0OxwlOVg+T R8VpkuYynMp3PQXLomLxe7j7PlxqEBo1LQaWfqyymCuF7rKebTLB5yZcr8/QUPwk/weLyguX6iVN DjIZOmeMqPkGJtDFp+EUfKgOa8AulKPLtsUL1W+1FT8sqroSxKXVXnhkEZN1O1zBxTG/z9xjwiPc d3//LSPUpEC9+rU2XIuCJq8nwAwJ7W6Rc49RxUT0Svc57HKqHjNuapvG0PCYh3bXCQzb7mb2pNwu erMFTzP5iEzXWZD7izLg9j3wEJ2Ia/WIEts/Tp9GIQM= ) ; Key ID = 11019 . 172800 IN RRSIG ( DNSKEY 8 0 172800 20231022000000 20231001000000 20326 . WQ+tzT8gKOYmaX8NLjusFmLz4zLVeeY3hAmZUKxl7/6LxY3lJh6qRIgLNBN7EkAhyTbjVVryUhEY ExIX/luU4fGmUCyxhYZwF+2bCv3uT4DaI8ssk3USVFFOR9wTkggzVYrtr2UH1PFmQ5hE//aiPfsy NEAisEXMZX3nUT/aCd5oZ6LlH53Nz9CZOa0vNHTu6erIg+mhAOzshcG9/BIfCrYJ1H5D5serTV1x t3Tvw2+KX6w3dG1Nb6vVNpe9Yj7Eb0B85FiqzoAM5jcwHiY+rovSbdVpmD3mIHXZ65wCiBGa6vQS nJQXwchjWQPnSDFLGuZh3dt89C65erw9grHteQ== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 3 DNSKEY records for .
	`. 172800 IN DNSKEY ( 257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlE xOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgC mr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+ SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnX GXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ) ; Key ID = 20326`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAddS95RV5uUtkUCN7vyvpb0kDZgmtXwN5Sj/d08+X7ND2sgWBabKnFhftrOsSx9DUhKR3gpM PIxac84Nou8Wzkiu2A/sTzP1F6KpCL8epgemdlZVd1ATHEjpB0KHIQmDjSEO/frGgi8ijQ2vDF3A MSrUwH7qntL1E5ufPHGKRM+agGghcAYfJHJN1dw7Ki3Fo22RDB3VZBxU9yJ3vl/T4hngeL7zK84v gl62tlJJw1rK5S/3U4p/bZarjtMFOHDfh0DEj1ywtRpkpPnge03gmINoa2tz+Kff67kbQb0NhHJY zPRpViaMEWZI9pgGH9ZyuFdNrNRx68XSiO7sya7/i+c= ) ; Key ID = 46780`
	`. 172800 IN DNSKEY ( 256 3 8 AwEAAcEtWatIO3exfN3A+WnZl7AVEBA3crRrrwKTfnmcdLt79C3DCOF1JX5zb4s84v0OxwlOVg+T R8VpkuYynMp3PQXLomLxe7j7PlxqEBo1LQaWfqyymCuF7rKebTLB5yZcr8/QUPwk/weLyguX6iVN DjIZOmeMqPkGJtDFp+EUfKgOa8AulKPLtsUL1W+1FT8sqroSxKXVXnhkEZN1O1zBxTG/z9xjwiPc d3//LSPUpEC9+rU2XIuCJq8nwAwJ7W6Rc49RxUT0Svc57HKqHjNuapvG0PCYh3bXCQzb7mb2pNwu erMFTzP5iEzXWZD7izLg9j3wEJ2Ia/WIEts/Tp9GIQM= ) ; Key ID = 11019`
	DNSKEY=20326/SEP is now in the chain-of-trust
	DS=20326/SHA-256 verifies DNSKEY=20326/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`. 172800 IN RRSIG ( DNSKEY 8 0 172800 20231022000000 20231001000000 20326 . WQ+tzT8gKOYmaX8NLjusFmLz4zLVeeY3hAmZUKxl7/6LxY3lJh6qRIgLNBN7EkAhyTbjVVryUhEY ExIX/luU4fGmUCyxhYZwF+2bCv3uT4DaI8ssk3USVFFOR9wTkggzVYrtr2UH1PFmQ5hE//aiPfsy NEAisEXMZX3nUT/aCd5oZ6LlH53Nz9CZOa0vNHTu6erIg+mhAOzshcG9/BIfCrYJ1H5D5serTV1x t3Tvw2+KX6w3dG1Nb6vVNpe9Yj7Eb0B85FiqzoAM5jcwHiY+rovSbdVpmD3mIHXZ65wCiBGa6vQS nJQXwchjWQPnSDFLGuZh3dt89C65erw9grHteQ== )`
	RRSIG=20326 and DNSKEY=20326/SEP verifies the DNSKEY RRset
	DNSKEY=46780 is now in the chain-of-trust
	DNSKEY=11019 is now in the chain-of-trust
	Query to e.root-servers.net for bogus.d2a1n1.rootcanary.net/A
	Received 1184 bytes from 192.203.230.10
	;; Response received from 192.203.230.10 (1184 octets) ;; HEADER SECTION ;; id = 54836 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . KYshTQBHpfvlnZjE0bkI81LgT/rsVFdRbs+uxno5ntTd4se9dxboNk7oO9ptkeAWiLpMaXPlOHyW ZJF2snPAuBFp+1n5RCDjn1FookLHz/NsBZr61MfvqeqTj6C6zdpl9zatIY82bLNpt30gPiyZul77 YLXcl4fVFlbArnIMti8xTOMdv1cQpj7xfxRksfIkdAotXVa8OVOvFWyHbq6C64TB7jVEnHr6wUPr KpIzVGpE7kGTMwDwRi38KeksNXB46MNvsxeK/43+BlRoXmOazBhzwXg8EpqLacmT9pB5MwPCmhDm MrY+GhIay/YKjeN5RMjUnv/aFHT0vqtKjcrN+w== ) ;; ADDITIONAL SECTION (27 records) a.gtld-servers.net. 172800 IN A 192.5.6.30 b.gtld-servers.net. 172800 IN A 192.33.14.30 c.gtld-servers.net. 172800 IN A 192.26.92.30 d.gtld-servers.net. 172800 IN A 192.31.80.30 e.gtld-servers.net. 172800 IN A 192.12.94.30 f.gtld-servers.net. 172800 IN A 192.35.51.30 g.gtld-servers.net. 172800 IN A 192.42.93.30 h.gtld-servers.net. 172800 IN A 192.54.112.30 i.gtld-servers.net. 172800 IN A 192.43.172.30 j.gtld-servers.net. 172800 IN A 192.48.79.30 k.gtld-servers.net. 172800 IN A 192.52.178.30 l.gtld-servers.net. 172800 IN A 192.41.162.30 m.gtld-servers.net. 172800 IN A 192.55.83.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to a.root-servers.net for net/DNSKEY
	Received 1160 bytes from 198.41.0.4
	;; Response received from 198.41.0.4 (1160 octets) ;; HEADER SECTION ;; id = 22687 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 15 arcount = 27 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (15 records) net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS d.gtld-servers.net. net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . KYshTQBHpfvlnZjE0bkI81LgT/rsVFdRbs+uxno5ntTd4se9dxboNk7oO9ptkeAWiLpMaXPlOHyW ZJF2snPAuBFp+1n5RCDjn1FookLHz/NsBZr61MfvqeqTj6C6zdpl9zatIY82bLNpt30gPiyZul77 YLXcl4fVFlbArnIMti8xTOMdv1cQpj7xfxRksfIkdAotXVa8OVOvFWyHbq6C64TB7jVEnHr6wUPr KpIzVGpE7kGTMwDwRi38KeksNXB46MNvsxeK/43+BlRoXmOazBhzwXg8EpqLacmT9pB5MwPCmhDm MrY+GhIay/YKjeN5RMjUnv/aFHT0vqtKjcrN+w== ) ;; ADDITIONAL SECTION (27 records) e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 f.gtld-servers.net. 172800 IN A 192.35.51.30 f.gtld-servers.net. 172800 IN AAAA 2001:503:d414::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 j.gtld-servers.net. 172800 IN A 192.48.79.30 j.gtld-servers.net. 172800 IN AAAA 2001:502:7094::30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 h.gtld-servers.net. 172800 IN A 192.54.112.30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone net

net

	Checking DS between . and net
	Query to e.root-servers.net for net/DS
	Received 367 bytes from 192.203.230.10
	;; Response received from 192.203.230.10 (367 octets) ;; HEADER SECTION ;; id = 2585 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DS ;; ANSWER SECTION (2 records) net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee ) net. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . KYshTQBHpfvlnZjE0bkI81LgT/rsVFdRbs+uxno5ntTd4se9dxboNk7oO9ptkeAWiLpMaXPlOHyW ZJF2snPAuBFp+1n5RCDjn1FookLHz/NsBZr61MfvqeqTj6C6zdpl9zatIY82bLNpt30gPiyZul77 YLXcl4fVFlbArnIMti8xTOMdv1cQpj7xfxRksfIkdAotXVa8OVOvFWyHbq6C64TB7jVEnHr6wUPr KpIzVGpE7kGTMwDwRi38KeksNXB46MNvsxeK/43+BlRoXmOazBhzwXg8EpqLacmT9pB5MwPCmhDm MrY+GhIay/YKjeN5RMjUnv/aFHT0vqtKjcrN+w== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for net in the . zone
	DS=35886/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`net. 86400 IN RRSIG ( DS 8 1 86400 20231015200000 20231002190000 46780 . KYshTQBHpfvlnZjE0bkI81LgT/rsVFdRbs+uxno5ntTd4se9dxboNk7oO9ptkeAWiLpMaXPlOHyW ZJF2snPAuBFp+1n5RCDjn1FookLHz/NsBZr61MfvqeqTj6C6zdpl9zatIY82bLNpt30gPiyZul77 YLXcl4fVFlbArnIMti8xTOMdv1cQpj7xfxRksfIkdAotXVa8OVOvFWyHbq6C64TB7jVEnHr6wUPr KpIzVGpE7kGTMwDwRi38KeksNXB46MNvsxeK/43+BlRoXmOazBhzwXg8EpqLacmT9pB5MwPCmhDm MrY+GhIay/YKjeN5RMjUnv/aFHT0vqtKjcrN+w== )`
	RRSIG=46780 and DNSKEY=46780 verifies the DS RRset
	DS=35886/SHA-256 is now in the chain-of-trust
	`net. 86400 IN DS ( 35886 8 2 7862b27f5f516ebe19680444d4ce5e762981931842c465f00236401d8bd973ee )`
	Query to b.gtld-servers.net for net/DNSKEY
	Received 775 bytes from 192.33.14.30
	;; Response received from 192.33.14.30 (775 octets) ;; HEADER SECTION ;; id = 24906 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; net. IN DNSKEY ;; ANSWER SECTION (3 records) net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886 net. 86400 IN DNSKEY ( 256 3 8 AQOstEm49K0FIgk1w6UGsbSAhErae1/r2RYzSpWvUe2ksZ/QcVpVx8GPnjJDb6hFhbU5sbpu89qb g4FmlAAqs9Bn+Lm2E1joNbeiCZ5HRC3/jK0m2D8+YCz6YcnV4EmpMoxxeQdwLAQ3XO6GAttKtApU 493b1XkjIS5sr4DR4uBMlw6rhxiSL7fnVShVzOS7jfPcdglU8qmatZFNMs///cS5 ) ; Key ID = 39455 net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20231011162830 20230926162330 35886 net. kZEdhJ3e8pA0rkp1puQfmPFZpIwelEpEE4fSXWDstm2QyKLxHrg+mTJbfaXmJWMrrl5BKhWcJfDt ybhjsJ3cvVCtKfa8zL1AJx2Fugh30zzCcmHpslASzL5c8KRyy2dNgfG3YFnaXS4+CXHkJ0QMj1MH 4RaJnsv8m7xBxtfeh4kcq65+cdpBlmT7BbiJ5X2lV/Nfyy8OxBmfhtqr1fyA40rPTuyA2SNroXS+ N+dsOAgY1CIXdFjQdaL33KbmSsSOFugelH5V7dcSr70WsvjApO/ZXcSy9myeJ+q4O6R+Y1D6Tj6s g7b96csAYnWYJX8MzZTCijrjxuhzNRCduqF6bw== ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 2 DNSKEY records for net
	`net. 86400 IN DNSKEY ( 257 3 8 AQOYBnzqWXIEj6mlgXg4LWC0HP2n8eK8XqgHlmJ/69iuIHsa1TrHDG6TcOra/pyeGKwH0nKZhTmX SuUFGh9BCNiwVDuyyb6OBGy2Nte9Kr8NwWg4q+zhSoOf4D+gC9dEzg0yFdwT0DKEvmNPt0K4jbQD S4Yimb+uPKuF6yieWWrPYYCrv8C9KC8JMze2uT6NuWBfsl2fDUoV4l65qMww06D7n+p7RbdwWkAZ 0fA63mXVXBZF6kpDtsYD7SUB9jhhfLQE/r85bvg3FaSs5Wi2BaqN06SzGWI1DHu7axthIOeHwg00 zxlhTpoYCH0ldoQz+S65zWYi/fRJiyLSBb6JZOvn ) ; Key ID = 35886`
	`net. 86400 IN DNSKEY ( 256 3 8 AQOstEm49K0FIgk1w6UGsbSAhErae1/r2RYzSpWvUe2ksZ/QcVpVx8GPnjJDb6hFhbU5sbpu89qb g4FmlAAqs9Bn+Lm2E1joNbeiCZ5HRC3/jK0m2D8+YCz6YcnV4EmpMoxxeQdwLAQ3XO6GAttKtApU 493b1XkjIS5sr4DR4uBMlw6rhxiSL7fnVShVzOS7jfPcdglU8qmatZFNMs///cS5 ) ; Key ID = 39455`
	DNSKEY=35886/SEP is now in the chain-of-trust
	DS=35886/SHA-256 verifies DNSKEY=35886/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`net. 86400 IN RRSIG ( DNSKEY 8 1 86400 20231011162830 20230926162330 35886 net. kZEdhJ3e8pA0rkp1puQfmPFZpIwelEpEE4fSXWDstm2QyKLxHrg+mTJbfaXmJWMrrl5BKhWcJfDt ybhjsJ3cvVCtKfa8zL1AJx2Fugh30zzCcmHpslASzL5c8KRyy2dNgfG3YFnaXS4+CXHkJ0QMj1MH 4RaJnsv8m7xBxtfeh4kcq65+cdpBlmT7BbiJ5X2lV/Nfyy8OxBmfhtqr1fyA40rPTuyA2SNroXS+ N+dsOAgY1CIXdFjQdaL33KbmSsSOFugelH5V7dcSr70WsvjApO/ZXcSy9myeJ+q4O6R+Y1D6Tj6s g7b96csAYnWYJX8MzZTCijrjxuhzNRCduqF6bw== )`
	RRSIG=35886 and DNSKEY=35886/SEP verifies the DNSKEY RRset
	DNSKEY=39455 is now in the chain-of-trust
	Query to c.gtld-servers.net for bogus.d2a1n1.rootcanary.net/A
	Received 437 bytes from 192.26.92.30
	;; Response received from 192.26.92.30 (437 octets) ;; HEADER SECTION ;; id = 63075 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20231009070106 20231002055106 39455 net. BFZuc3315cnFNWF9sJ11avCEKoKotzHi9NQlHdxTiSs3wp0IhBJrSeqIdXzMV9E7hoqaqYw6Kpn5 +gKDrjcBGkfvLdjL2+8TE9ChoXW0Qwc+eIcFeI1RskTdMWV1Hg9jtdz/Sc6y+MqNiU6bHUmdDM0N LTl8r/LGATb9WUEXR2weekjXkuDJ19Brp38FIt+imMecvwXdlyvm2L6HcWoURQ== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Query to a.gtld-servers.net for rootcanary.net/DNSKEY
	Received 424 bytes from 192.5.6.30
	;; Response received from 192.5.6.30 (424 octets) ;; HEADER SECTION ;; id = 54442 ;; qr = 1 aa = 0 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 6 arcount = 3 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (6 records) rootcanary.net. 172800 IN NS ns1.surfnet.nl. rootcanary.net. 172800 IN NS ns2.surfnet.nl. rootcanary.net. 172800 IN NS ns3.surfnet.nl. rootcanary.net. 172800 IN NS ns1.zurich.surf.net. rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20231009070106 20231002055106 39455 net. BFZuc3315cnFNWF9sJ11avCEKoKotzHi9NQlHdxTiSs3wp0IhBJrSeqIdXzMV9E7hoqaqYw6Kpn5 +gKDrjcBGkfvLdjL2+8TE9ChoXW0Qwc+eIcFeI1RskTdMWV1Hg9jtdz/Sc6y+MqNiU6bHUmdDM0N LTl8r/LGATb9WUEXR2weekjXkuDJ19Brp38FIt+imMecvwXdlyvm2L6HcWoURQ== ) ;; ADDITIONAL SECTION (3 records) ns1.zurich.surf.net. 172800 IN A 195.176.255.9 ns1.zurich.surf.net. 172800 IN AAAA 2001:620:0:9::1103 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found child zone rootcanary.net

rootcanary.net

	Checking DS between net and rootcanary.net
	Query to b.gtld-servers.net for rootcanary.net/DS
	Received 1186 bytes from 192.33.14.30
	;; Response received from 192.33.14.30 (1186 octets) ;; HEADER SECTION ;; id = 49009 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 14 arcount = 23 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DS ;; ANSWER SECTION (2 records) rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 ) rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20231009070106 20231002055106 39455 net. BFZuc3315cnFNWF9sJ11avCEKoKotzHi9NQlHdxTiSs3wp0IhBJrSeqIdXzMV9E7hoqaqYw6Kpn5 +gKDrjcBGkfvLdjL2+8TE9ChoXW0Qwc+eIcFeI1RskTdMWV1Hg9jtdz/Sc6y+MqNiU6bHUmdDM0N LTl8r/LGATb9WUEXR2weekjXkuDJ19Brp38FIt+imMecvwXdlyvm2L6HcWoURQ== ) ;; AUTHORITY SECTION (14 records) net. 172800 IN NS d.gtld-servers.net. net. 172800 IN NS m.gtld-servers.net. net. 172800 IN NS a.gtld-servers.net. net. 172800 IN NS e.gtld-servers.net. net. 172800 IN NS c.gtld-servers.net. net. 172800 IN NS i.gtld-servers.net. net. 172800 IN NS b.gtld-servers.net. net. 172800 IN NS g.gtld-servers.net. net. 172800 IN NS k.gtld-servers.net. net. 172800 IN NS l.gtld-servers.net. net. 172800 IN NS h.gtld-servers.net. net. 172800 IN NS j.gtld-servers.net. net. 172800 IN NS f.gtld-servers.net. net. 172800 IN RRSIG ( NS 8 1 172800 20231007070034 20230930055034 39455 net. QpD3y9enGREqIvv/6UHgyh2w7U5CcmaT2crMmkRDveRIujvYIoLi2jsRdOAJ9OaiX4mRxNqI/4pP 7ukwfO1qRbYgKXAHzzQVFRapcTyH3S4oufleDBw9JSyt1M4VH0rXk3st1HBwSPeMBTr+ARzQFVgt Zq1+QV7cpn5TORCfIAyDj1TSZLb6fzIXnUHl7uv+7cYAPnbJWlEEEBUwAp1BBQ== ) ;; ADDITIONAL SECTION (23 records) d.gtld-servers.net. 172800 IN A 192.31.80.30 d.gtld-servers.net. 172800 IN AAAA 2001:500:856e::30 m.gtld-servers.net. 172800 IN A 192.55.83.30 m.gtld-servers.net. 172800 IN AAAA 2001:501:b1f9::30 a.gtld-servers.net. 172800 IN A 192.5.6.30 a.gtld-servers.net. 172800 IN AAAA 2001:503:a83e::2:30 e.gtld-servers.net. 172800 IN A 192.12.94.30 e.gtld-servers.net. 172800 IN AAAA 2001:502:1ca1::30 c.gtld-servers.net. 172800 IN A 192.26.92.30 c.gtld-servers.net. 172800 IN AAAA 2001:503:83eb::30 i.gtld-servers.net. 172800 IN A 192.43.172.30 i.gtld-servers.net. 172800 IN AAAA 2001:503:39c1::30 b.gtld-servers.net. 172800 IN A 192.33.14.30 b.gtld-servers.net. 172800 IN AAAA 2001:503:231d::2:30 g.gtld-servers.net. 172800 IN A 192.42.93.30 g.gtld-servers.net. 172800 IN AAAA 2001:503:eea3::30 k.gtld-servers.net. 172800 IN A 192.52.178.30 k.gtld-servers.net. 172800 IN AAAA 2001:503:d2d::30 l.gtld-servers.net. 172800 IN A 192.41.162.30 l.gtld-servers.net. 172800 IN AAAA 2001:500:d937::30 h.gtld-servers.net. 172800 IN A 192.54.112.30 h.gtld-servers.net. 172800 IN AAAA 2001:502:8cc::30 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 4096 ;; option:
	Found 1 DS records for rootcanary.net in the net zone
	DS=64786/SHA-256 has algorithm RSASHA256
	Found 1 RRSIGs over DS RRset
	`rootcanary.net. 86400 IN RRSIG ( DS 8 2 86400 20231009070106 20231002055106 39455 net. BFZuc3315cnFNWF9sJ11avCEKoKotzHi9NQlHdxTiSs3wp0IhBJrSeqIdXzMV9E7hoqaqYw6Kpn5 +gKDrjcBGkfvLdjL2+8TE9ChoXW0Qwc+eIcFeI1RskTdMWV1Hg9jtdz/Sc6y+MqNiU6bHUmdDM0N LTl8r/LGATb9WUEXR2weekjXkuDJ19Brp38FIt+imMecvwXdlyvm2L6HcWoURQ== )`
	RRSIG=39455 and DNSKEY=39455 verifies the DS RRset
	DS=64786/SHA-256 is now in the chain-of-trust
	`rootcanary.net. 86400 IN DS ( 64786 8 2 5cd8f125f5487708121a497bd0b1079406add42002b3c195ee0669d2aeb763c9 )`
	Query to ns2.surfnet.nl for rootcanary.net/DNSKEY
	Received 513 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (513 octets) ;; HEADER SECTION ;; id = 13018 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; rootcanary.net. IN DNSKEY ;; ANSWER SECTION (3 records) rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188 rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786 rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20231111063702 20230926063702 64786 rootcanary.net. TMAl+ruC/zAtM+FW3fXPg/kjotznbtORxzy7G1GbqjzuKNCloi2SaEi+PdTNJ5Zh20fepNFVc1Id Mw8nNyT4n4RP6kpRlgEaXpGedzjkEkwExyz14XwY7ybDFB/EhdZFnNiDTunTeotinINJgsopTijM 7wpTHkp6cSc63dSwin4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 2 DNSKEY records for rootcanary.net
	`rootcanary.net. 60 IN DNSKEY ( 256 3 8 AwEAAbTt2EpLNxL2BJh6zgrhiEBK1sfxYPvEQgQkM1O53+lnT+c8W+9lYMhI1m2mLwecKvq7ePok 5d1XO11UKUXV5pRD9d66qXLwDxMJ4krEMlOvmMS/HWskybkREtMdPdcv5eNdtuT8VeCPTGZuoNe2 oEK4NFSUU5eG0pkWo27Kl3oV ) ; Key ID = 25188`
	`rootcanary.net. 60 IN DNSKEY ( 257 3 8 AwEAAdDk0xPx74/+J4BFAtodd6j2yTDoX9D+paSjzxVl+jMQmrsrQprdBxX3fale9f62j4oo7scf U+wabBXl56lehbw/wds6oVqDNun9ORQisXhIq9H+u3a9WtTAF+OQyPoSirRLYdNR7+wWvb88L27w 88+jL0gkFb8klGzr03EFrq6r ) ; Key ID = 64786`
	DNSKEY=64786/SEP is now in the chain-of-trust
	DS=64786/SHA-256 verifies DNSKEY=64786/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`rootcanary.net. 60 IN RRSIG ( DNSKEY 8 2 60 20231111063702 20230926063702 64786 rootcanary.net. TMAl+ruC/zAtM+FW3fXPg/kjotznbtORxzy7G1GbqjzuKNCloi2SaEi+PdTNJ5Zh20fepNFVc1Id Mw8nNyT4n4RP6kpRlgEaXpGedzjkEkwExyz14XwY7ybDFB/EhdZFnNiDTunTeotinINJgsopTijM 7wpTHkp6cSc63dSwin4= )`
	RRSIG=64786 and DNSKEY=64786/SEP verifies the DNSKEY RRset
	DNSKEY=25188 is now in the chain-of-trust
	Query to ns2.surfnet.nl for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 192.87.36.2
	;; Response received from 192.87.36.2 (253 octets) ;; HEADER SECTION ;; id = 52409 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	ns2.surfnet.nl is authoritative for bogus.d2a1n1.rootcanary.net
	Query to ns3.surfnet.nl for d2a1n1.rootcanary.net/DNSKEY
	Received 379 bytes from 195.169.124.71
	;; Response received from 195.169.124.71 (379 octets) ;; HEADER SECTION ;; id = 39013 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN DNSKEY ( 257 3 1 AwEAAdXdLh4S/z+hiYnykt3tRC2jUcdhRto7PbSxyz20iS+WSJrPCVM6KyeCRYO3/2RxOruwD02M /WO3b1bUgnj+XhTn+oAxV2pZPxulTVmqmuQccE+2FocU83c7VQYje+Q2i2AW95YTPD7AEMLreC3x 8A7aRFVxwXXwvkjmaNu0K14x ) ; Key ID = 11102 d2a1n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. U58xEuzJKTFySrbtq0JgTws+NG6NMRtSWAtLhKMBwK3rlc5IYJ2wvDoD0kyFW5GdtPyq+q4nUTzC G419Lwc5jywatLGEw8Aj+6cXW7rpWibaEOdpiIktOArm4zDiszsIB8GRZTY1GE9BJOmJAe0fl9Im sOHiX0t3AygDhYWGnT4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found child zone d2a1n1.rootcanary.net
	Attempting to learn nameservers for d2a1n1.rootcanary.net
	Query to ns1.surfnet.nl for d2a1n1.rootcanary.net/NS
	Received 279 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (279 octets) ;; HEADER SECTION ;; id = 33771 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 3 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN NS ;; ANSWER SECTION (3 records) d2a1n1.rootcanary.net. 60 IN NS sec1.rcode0.net. d2a1n1.rootcanary.net. 60 IN NS sec2.rcode0.net. d2a1n1.rootcanary.net. 60 IN RRSIG ( NS 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. qHMeSsOAl50QEB8Q6ei0vCOTGbsWnax2BhZ7ASXVVyNvAdxtiNSAESVneTAhJxOfiYmAMko7uFAy SizaFP5FYqej8TILseMX5T7AijAEc+1dd6tnzlivt5wg9YxbmAQJoV/YyUAD6FPF6GyzZKhSZ3Qy n39j2kC2ps6or7NYW/c= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found d2a1n1.rootcanary.net nameservers: sec1.rcode0.net, sec2.rcode0.net

d2a1n1.rootcanary.net

	Checking DS between rootcanary.net and d2a1n1.rootcanary.net
	Query to ns1.surfnet.nl for d2a1n1.rootcanary.net/DS
	Received 272 bytes from 192.87.106.101
	;; Response received from 192.87.106.101 (272 octets) ;; HEADER SECTION ;; id = 52968 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option: ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN DS ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN DS ( 11102 1 2 61a8b809ca2e35b9a082a9998c2b33cb1657b1151d65bdb92805592b181c9382 ) d2a1n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20231111063702 20230926063702 25188 rootcanary.net. ifOGV1zrQbl8VCMuHUu/8ruN4/1pcNKbGmynTM9LFedO1XLbOYyJCR6Ai26uGDyg3WBULpy/Idlu OtZN0Fp7DRz3G9LSr2WTH/DTeicTUZuBaidkv353xbkuWmJW9ltNyLqn+hdAaUTDLmaaHIH2CgJ8 ws1tm1ZtpXUiey1J2Vo= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1232 ;; option:
	Found 1 DS records for d2a1n1.rootcanary.net in the rootcanary.net zone
	DS=11102/SHA-256 has algorithm RSAMD5
	Found 1 RRSIGs over DS RRset
	`d2a1n1.rootcanary.net. 60 IN RRSIG ( DS 8 3 60 20231111063702 20230926063702 25188 rootcanary.net. ifOGV1zrQbl8VCMuHUu/8ruN4/1pcNKbGmynTM9LFedO1XLbOYyJCR6Ai26uGDyg3WBULpy/Idlu OtZN0Fp7DRz3G9LSr2WTH/DTeicTUZuBaidkv353xbkuWmJW9ltNyLqn+hdAaUTDLmaaHIH2CgJ8 ws1tm1ZtpXUiey1J2Vo= )`
	RRSIG=25188 and DNSKEY=25188 verifies the DS RRset
	DS=11102/SHA-256 is now in the chain-of-trust
	`d2a1n1.rootcanary.net. 60 IN DS ( 11102 1 2 61a8b809ca2e35b9a082a9998c2b33cb1657b1151d65bdb92805592b181c9382 )`
	Query to sec2.rcode0.net for d2a1n1.rootcanary.net/DNSKEY
	Received 379 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (379 octets) ;; HEADER SECTION ;; id = 64901 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN DNSKEY ( 257 3 1 AwEAAdXdLh4S/z+hiYnykt3tRC2jUcdhRto7PbSxyz20iS+WSJrPCVM6KyeCRYO3/2RxOruwD02M /WO3b1bUgnj+XhTn+oAxV2pZPxulTVmqmuQccE+2FocU83c7VQYje+Q2i2AW95YTPD7AEMLreC3x 8A7aRFVxwXXwvkjmaNu0K14x ) ; Key ID = 11102 d2a1n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. U58xEuzJKTFySrbtq0JgTws+NG6NMRtSWAtLhKMBwK3rlc5IYJ2wvDoD0kyFW5GdtPyq+q4nUTzC G419Lwc5jywatLGEw8Aj+6cXW7rpWibaEOdpiIktOArm4zDiszsIB8GRZTY1GE9BJOmJAe0fl9Im sOHiX0t3AygDhYWGnT4= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found 1 DNSKEY records for d2a1n1.rootcanary.net
	`d2a1n1.rootcanary.net. 60 IN DNSKEY ( 257 3 1 AwEAAdXdLh4S/z+hiYnykt3tRC2jUcdhRto7PbSxyz20iS+WSJrPCVM6KyeCRYO3/2RxOruwD02M /WO3b1bUgnj+XhTn+oAxV2pZPxulTVmqmuQccE+2FocU83c7VQYje+Q2i2AW95YTPD7AEMLreC3x 8A7aRFVxwXXwvkjmaNu0K14x ) ; Key ID = 11102`
	DNSKEY=11102/SEP is now in the chain-of-trust
	DS=11102/SHA-256 verifies DNSKEY=11102/SEP
	Found 1 RRSIGs over DNSKEY RRset
	`d2a1n1.rootcanary.net. 60 IN RRSIG ( DNSKEY 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. U58xEuzJKTFySrbtq0JgTws+NG6NMRtSWAtLhKMBwK3rlc5IYJ2wvDoD0kyFW5GdtPyq+q4nUTzC G419Lwc5jywatLGEw8Aj+6cXW7rpWibaEOdpiIktOArm4zDiszsIB8GRZTY1GE9BJOmJAe0fl9Im sOHiX0t3AygDhYWGnT4= )`
	RRSIG=11102 and DNSKEY=11102/SEP verifies the DNSKEY RRset
	Query to sec2.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 18747 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec2.rcode0.net is authoritative for bogus.d2a1n1.rootcanary.net
	Query to sec1.rcode0.net for bogus.d2a1n1.rootcanary.net/DNSKEY
	Received 530 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (530 octets) ;; HEADER SECTION ;; id = 1443 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d2a1n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2023092705 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d2a1n1.rootcanary.net. 60 IN RRSIG ( SOA 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. T/avmFT4dx3NHa4gprwR2Z0mDVtA3mFqDNJf9g+SZ5m3uNLy0C71RGCqGbWQB++uQHm7zfDUpnd7 5qs21ywZj9b+P8p6iQfWgcHKkOhC/w/SW/jbgugLmdPMfF2TMcVI8LsSFEE5Wi3q7j6RoGqsD887 Dhwyl2pVEyomf45rnEA= ) bogus.d2a1n1.rootcanary.net. 60 IN NSEC ( *.bogus.d2a1n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( NSEC 1 4 86400 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. LlwK7BsPU6dBfdnrrQKdZpjlrtU4XLyCRvyqSa7dWQA7jnLP/EScQYxaHFG96JZrco/YAnpz7BA6 hIFozrMEES2hL9zrLs5Y4hk6vWpG1p4U8ixxIZ0P+BAedcx39qG6qpM8KL2ob0PtKM3Y/1SyQ6Vo PWmv7ury+gbcszTdrVg= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d2a1n1.rootcanary.net zone
	Query to sec1.rcode0.net for d2a1n1.rootcanary.net/SOA
	Received 292 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (292 octets) ;; HEADER SECTION ;; id = 19433 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; d2a1n1.rootcanary.net. IN SOA ;; ANSWER SECTION (2 records) d2a1n1.rootcanary.net. 60 IN RRSIG ( SOA 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. T/avmFT4dx3NHa4gprwR2Z0mDVtA3mFqDNJf9g+SZ5m3uNLy0C71RGCqGbWQB++uQHm7zfDUpnd7 5qs21ywZj9b+P8p6iQfWgcHKkOhC/w/SW/jbgugLmdPMfF2TMcVI8LsSFEE5Wi3q7j6RoGqsD887 Dhwyl2pVEyomf45rnEA= ) d2a1n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2023092705 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Query to sec2.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 176.97.158.100
	;; Response received from 176.97.158.100 (253 octets) ;; HEADER SECTION ;; id = 44001 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= ) ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d2a1n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= )`
	RRSIG=11102 and DNSKEY=11102/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset
	The A RRset was not signed by any trusted keys

d2a1n1.rootcanary.net

	Query to sec1.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 13839 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= ) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	sec1.rcode0.net is authoritative for bogus.d2a1n1.rootcanary.net
	Query to sec1.rcode0.net for bogus.d2a1n1.rootcanary.net/DNSKEY
	Received 530 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (530 octets) ;; HEADER SECTION ;; id = 14083 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 0 nscount = 4 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN DNSKEY ;; ANSWER SECTION (0 records) ;; AUTHORITY SECTION (4 records) d2a1n1.rootcanary.net. 60 IN SOA ( ns1.surfnet.nl. dns-beheer.surfnet.nl. 2023092705 ;serial 10800 ;refresh 3600 ;retry 604800 ;expire 86400 ;minimum ) d2a1n1.rootcanary.net. 60 IN RRSIG ( SOA 1 3 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. T/avmFT4dx3NHa4gprwR2Z0mDVtA3mFqDNJf9g+SZ5m3uNLy0C71RGCqGbWQB++uQHm7zfDUpnd7 5qs21ywZj9b+P8p6iQfWgcHKkOhC/w/SW/jbgugLmdPMfF2TMcVI8LsSFEE5Wi3q7j6RoGqsD887 Dhwyl2pVEyomf45rnEA= ) bogus.d2a1n1.rootcanary.net. 60 IN NSEC ( *.bogus.d2a1n1.rootcanary.net. A AAAA RRSIG NSEC ) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( NSEC 1 4 86400 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. LlwK7BsPU6dBfdnrrQKdZpjlrtU4XLyCRvyqSa7dWQA7jnLP/EScQYxaHFG96JZrco/YAnpz7BA6 hIFozrMEES2hL9zrLs5Y4hk6vWpG1p4U8ixxIZ0P+BAedcx39qG6qpM8KL2ob0PtKM3Y/1SyQ6Vo PWmv7ury+gbcszTdrVg= ) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	Found RRSIG signed by d2a1n1.rootcanary.net zone
	Query to sec1.rcode0.net for bogus.d2a1n1.rootcanary.net/A
	Received 253 bytes from 192.174.68.100
	;; Response received from 192.174.68.100 (253 octets) ;; HEADER SECTION ;; id = 59483 ;; qr = 1 aa = 1 tc = 0 rd = 0 opcode = QUERY ;; ra = 0 z = 0 ad = 0 cd = 0 rcode = NOERROR ;; qdcount = 1 ancount = 2 nscount = 0 arcount = 1 ;; do = 1 ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option: ;; QUESTION SECTION (1 record) ;; bogus.d2a1n1.rootcanary.net. IN A ;; ANSWER SECTION (2 records) bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= ) bogus.d2a1n1.rootcanary.net. 60 IN A 145.97.20.20 ;; AUTHORITY SECTION (0 records) ;; ADDITIONAL SECTION (1 record) ;; EDNS version 0 ;; flags: 8000 ;; rcode: NOERROR ;; size: 1400 ;; option:
	bogus.d2a1n1.rootcanary.net A RR has value 145.97.20.20
	Found 1 RRSIGs over A RRset
	`bogus.d2a1n1.rootcanary.net. 60 IN RRSIG ( A 1 4 60 20231111063702 20230926063702 11102 d2a1n1.rootcanary.net. oufzSe6hkV7G2NoYsHNUbUDI28/dpqOmYjanqJd3LMPPpcLz6epQYT+bmCp7YYtV4fMKeMU/pTt7 fHiYqsujxnBICgwSpleLnEXEjM3xB8MF2lvIADvmRcRxuJma9opev6IpefuBbENPFMiwzswAzStl paD2k1LKGnqfBoJ7ZYM= )`
	RRSIG=11102 and DNSKEY=11102/SEP does not verify the A RRset (signature verification failed)
	None of the 1 RRSIG and 1 DNSKEY records validate the A RRset

Move your mouse over any or symbols for remediation hints.

Want a second opinion? Test bogus.d2a1n1.rootcanary.net at dnsviz.net.

DNSSEC Analyzer

↓ Advanced options ↑ Advanced options

Trust Anchor:
Name Servers: